Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 11321 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG V17: E-Mail recipient verification not working

Tobias_F

Hello,

"recipient verification" and smart host are features I was waiting for. But when I switch on the function "recipient verification by call-out" in XG V17.0.0 nothing happens. Mails to a non-existing user at the domain still are getting accepted by XG. XG is set-up in MTA mode to forward the incoming mails to an Exchange server. When I was using UTM before this perfectly was working.

Bug or do I use the feature in a wrong way?

 



This thread was automatically locked due to age.
Parents
  • +1

    Hello Tobias

    With Recipient Verification via the callout method it does rely on the downstream server (Exchange most likely) rejecting a message to an incorrect recipient at the "RCPT TO" stage of the SMTP transaction.

    If your downstream server is not rejecting at this stage for non-existing users then callout won't work.

    This has been made harder to achieve recently with Exchange 2013 and 2016 - Microsoft in there infinite wisdom changed Exchange Mailbox/Hub roles so that if the usual recipient filtering is installed it rejects at the DATA stage.

    If you have Exchange 2013/2016 and only have the Mailbox/Hub role installed (most likely) and not the Edge role (will work fine with edge) then you cant do callout recipient verification over port 25 as before and must use a different port (2525 or pick one).

    I would link to a Sophos KB article but I don't think they have one so this SpamTitan article is full and complete:
    helpdesk.spamtitan.com/.../4000003763-dynamic-recipient-verification-using-exchange-2013-and-2016

  • 0 in reply to AlexBruce

    Hello,

    thank you for the explanation.

    It is correct. It is Exchange 2016 and without Edge role. I checked Exchange with a SMTP test tools. In the RCPT TO stage the message is getting accepted. Later it is getting rejected by Exchange and an error message is send back:

    RCPT TO: test@XXXXXXX.de
    250 2.1.5 Recipient OK

    But somehow when I was using UTM before migration to XG the sender verification worked. So, it must have been a different verification method than callout. I cannot remember anymore.

     

    But I found out a workaround that is acceptable for me. Instead of defining the domain only in XG I define all valid e-mail addresses. As there only are a few and they more or less are not changing I can live with this. 

Reply
  • 0 in reply to AlexBruce

    Hello,

    thank you for the explanation.

    It is correct. It is Exchange 2016 and without Edge role. I checked Exchange with a SMTP test tools. In the RCPT TO stage the message is getting accepted. Later it is getting rejected by Exchange and an error message is send back:

    RCPT TO: test@XXXXXXX.de
    250 2.1.5 Recipient OK

    But somehow when I was using UTM before migration to XG the sender verification worked. So, it must have been a different verification method than callout. I cannot remember anymore.

     

    But I found out a workaround that is acceptable for me. Instead of defining the domain only in XG I define all valid e-mail addresses. As there only are a few and they more or less are not changing I can live with this. 

Children
No Data